[8272] 2014-09-15_FireEye FLARE IDA Pro Script Series: MSDN Annotations Plugin

Document creator: s7ckTeam
Last updated: 2025-01-17
FireEye FLARE IDA Pro Script Series: MSDN Annotations Plugin. FreeBuf, 2014-09-15, translated by Rabbit_Run from the FireEye FLARE blog. FLARE (FireEye Labs Advanced Reverse Engineering) publishes its IDA Pro scripts, written in IDAPython, at https://github.com/fireeye/flare-ida.

When reverse engineering malware in IDA Pro you spend a lot of time looking up Windows API calls on MSDN: what the function does, what each argument means, and which named constant a raw immediate such as 40000000h stands for. The MSDN annotations plugin imports that information into the IDB itself, so the analyst no longer has to leave IDA or keep MSDN open in a browser. It works offline: the annotations come from an XML data file generated beforehand from the MSDN documentation, and the argument names and enum names come from IDA Pro's own type libraries (.til files).

Figure 1: a CreateFileA call in IDA Pro. CreateFileA takes seven arguments; before annotation the access argument is the bare value 40000000h, afterwards it reads GENERIC_WRITE and each push carries a comment naming its parameter (dwShareMode, hTemplateFile, and so on). The annotations are stored in the IDB.

The plugin adds three kinds of information:

1. Function descriptions. Figure 2 shows the MSDN description of an API added as a comment in IDA Pro, so the purpose of a call is readable where it is used.
2. Argument descriptions. Figures 3 and 4 show the msdn comments attached to the instructions that set up a call, as displayed in IDA Pro.
3. Constants. Immediate values passed as arguments are converted to their symbolic names using the enums from the type library. Figure 5 shows the MACRO_CREATE enum used for the dwCreationDisposition argument of CreateFileA.

Requirements. The plugin's dialog is built with Qt from Python, so it needs IDA Pro 6.6; on IDA 6.5 it can be used after following the Hex-Rays blog post on PySide (http://www.hexblog.com/?p=333). It also needs the XML MSDN data, which has to be generated as follows. Clone the scripts from git: https://github.com/fireeye/flare-ida.

1. Download the offline MSDN documentation (Windows SDK) from http://www.microsoft.com/en-us/download/details.aspx?id=18950 and install it. With the default settings the help files end up in C:\Program Files\Microsoft SDKs\Windows\v7.0\Help\1033 (Figure 6).
2. Unpack the MSDN help files with 7-zip.
3. Download tilib.exe from Hex-Rays (https://www.hex-rays.com/products/ida/support/download.shtml). IDA Pro keeps its type libraries (TIL files) under %IDADIR%/til/, and tilib is the Hex-Rays tool for dumping them; copy tilib into %IDADIR%.
4. Run MSDN_crawler/msdn_crawler.py <MSDN directory> <path to tilib.exe> <til directory>. The crawler combines the TIL files from %IDADIR%/til/pc/ with the extracted MSDN data and writes the XML into the MSDN_data directory.

To annotate an IDB, open it in IDA, choose File -> Script File (ALT+F7) and run annotate_IDB_MSDN.py. The dialog in Figure 7 appears; click OK. Figure 8 shows the annotated result.

Related work. Other tools that bring Windows API documentation into IDA Pro include IDAScope, IDA API Help, and the Zynamics MSDN crawler with its IDA importer.

XML format. The MSDN crawler writes its data into the MSDN_data directory as msdn_data.xml. The schema is simple: functions, arguments and constants are each identified by a name tag, and an argument's constants carry the name of the IDA enum they belong to in the enums attribute. Listing 1 shows the entry for the dwDesiredAccess argument of CreateFileA, which is what turns 40000000h into GENERIC_WRITE:

    <?xml version="1.0" encoding="ISO-8859-1"?>
    <msdn>
      <functions>
        <function>
          <name>CreateFileA</name>
          <arguments>
            <argument>
              <name>dwDesiredAccess</name>
              <constants enums="MACRO_GENERIC">
                <constant>
                  <name>GENERIC_ALL</name>
                  <value>0x10000000</value>
                  <description>All possible access rights</description>
                </constant>
                <constant>
                  <name>GENERIC_EXECUTE</name>
                  <value>0x20000000</value>
                  <description>Execute access</description>
                </constant>
                <constant>
                  <name>GENERIC_WRITE</name>
                  <value>0x40000000</value>
                  <description>Write access</description>
                </constant>
                <constant>
                  <name>GENERIC_READ</name>
                  <value>0x80000000</value>
                  <description>Read access</description>
                </constant>
              </constants>
            </argument>
          </arguments>
        </function>
      </functions>
    </msdn>

Listing 1: the CreateFileA dwDesiredAccess entry in the MSDN data that the plugin applies in IDA Pro.
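As an added example (not code from the FireEye post or the flare-ida repository), the following Python script parses a file in the msdn_data.xml format shown in the XML excerpt above and resolves raw immediates the way the plugin does when it turns 40000000h into GENERIC_WRITE, going further than the excerpt by also handling OR'ed flag combinations and values the table does not fully explain. The sample XML is constructed here; the function and argument <description> elements and the call-site values are assumptions for illustration, and some copies of the listing render the hex prefix as 0× (U+00D7) rather than 0x, so the parser normalises both. Writing the comments into the IDB, which the real plugin does with IDAPython inside IDA, is left out so the script runs offline.

```python
"""Offline lookup of MSDN annotations in the XML format that annotate_IDB_MSDN.py
consumes (msdn_data.xml as produced by msdn_crawler.py).  Added example, not
flare-ida code: it parses the schema from the article and resolves immediates
into the symbolic constants the plugin would write into the IDB."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample mirroring the article's schema excerpt.  The <description>
# children of <function> and <argument> are an assumption about the full schema.
# One value deliberately uses the U+00D7 sign seen in some copies of the listing.
SAMPLE_XML = """<?xml version="1.0" encoding="ISO-8859-1"?>
<msdn><functions><function>
<name>CreateFileA</name>
<description>Creates or opens a file or I/O device.</description>
<arguments><argument>
<name>dwDesiredAccess</name>
<description>The requested access to the file or device.</description>
<constants enums="MACRO_GENERIC">
<constant><name>GENERIC_ALL</name><value>0x10000000</value><description>All possible access rights</description></constant>
<constant><name>GENERIC_EXECUTE</name><value>0\u00d720000000</value><description>Execute access</description></constant>
<constant><name>GENERIC_WRITE</name><value>0x40000000</value><description>Write access</description></constant>
<constant><name>GENERIC_READ</name><value>0x80000000</value><description>Read access</description></constant>
</constants>
</argument></arguments>
</function></functions></msdn>
"""


@dataclass
class ArgInfo:
    name: str
    description: str
    enum: str        # IDA enum the constants live in (MACRO_* from the .til)
    constants: dict  # symbolic name -> integer value


@dataclass
class FuncInfo:
    name: str
    description: str
    args: list       # ArgInfo objects in parameter order


def parse_value(text):
    """Accept both "0x..." and the "0×..." (U+00D7) spelling before converting."""
    return int(text.strip().replace("\u00d7", "x"), 0)


def parse_msdn_xml(data):
    """Return {function name: FuncInfo} from msdn_data.xml-style bytes."""
    root = ET.fromstring(data)
    db = {}
    for f in root.iter("function"):
        args = []
        for a in f.iter("argument"):
            consts = a.find("constants")
            table, enum = {}, ""
            if consts is not None:
                enum = consts.get("enums", "")
                for c in consts.findall("constant"):
                    table[c.findtext("name").strip()] = parse_value(c.findtext("value"))
            args.append(ArgInfo(a.findtext("name").strip(),
                                a.findtext("description", "").strip(), enum, table))
        fname = f.findtext("name").strip()
        db[fname] = FuncInfo(fname, f.findtext("description", "").strip(), args)
    return db


def symbolic(arg, value):
    """Render an immediate as the argument's constant(s), like IDA's bitfield enum
    display: exact match first, otherwise an OR of the flags that fit (most bits,
    then largest value, first).  Unexplained bits are kept as hex, never dropped."""
    for name, v in arg.constants.items():
        if v == value:
            return name
    parts, rest = [], value
    order = sorted(arg.constants.items(), key=lambda kv: (-bin(kv[1]).count("1"), -kv[1]))
    for name, v in order:
        if v and rest & v == v:
            parts.append(name)
            rest &= ~v
    if rest or not parts:
        parts.append("0x%X" % rest)
    return " | ".join(parts)


def annotate_call(db, fname, immediates):
    """Build the comments the plugin would attach at one call site: the function
    description plus one comment per argument.  immediates holds one entry per
    parameter in declaration order: an int for a constant pushed for that
    parameter, or None when the value is not a constant."""
    func = db.get(fname)
    if func is None:
        return None, []
    comments = []
    for arg, imm in zip(func.args, immediates):
        text = "%s: %s" % (arg.name, arg.description) if arg.description else arg.name
        if imm is not None and arg.constants:
            text += " = %s (%s)" % (symbolic(arg, imm), arg.enum)
        comments.append(text)
    return func.description, comments


if __name__ == "__main__":
    db = parse_msdn_xml(SAMPLE_XML.encode("latin-1"))
    # Constructed call site: 40000000h pushed for dwDesiredAccess, as in Figure 1.
    desc, cmts = annotate_call(db, "CreateFileA", [0x40000000])
    print(desc)
    for c in cmts:
        print("  ;", c)
```

The greedy decomposition in symbolic() is what makes combined flags such as GENERIC_READ | GENERIC_WRITE readable, and leaving unmatched bits as hex matters for malware analysis: an access mask with a stray bit set is information, not noise, and the annotation should not hide it behind the nearest constant name.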
Original article: http://www.fireeye.com/blog/technical/2014/09/flare-ida-pro-script-series-msdn-annotations-ida-pro-for-malware-analysis.html